From owner-freebsd-security@FreeBSD.ORG Sat Oct 14 08:09:39 2006
To: freebsd security
References: <20061010185141.ce3e7134.wmoran@collaborativefusion.com> <452C25A2.6080809@freebsd.org>
From: Harald Muehlboeck
Date: Sat, 14 Oct 2006 10:12:11 +0200
In-Reply-To: <452C25A2.6080809@freebsd.org> (Colin Percival's message of "Tue, 10 Oct 2006 15:58:42 -0700")
Message-ID: <86odsfmi3o.fsf@tuha.clef.at>
Subject: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

Colin Percival writes:
>> "The policy of the FreeBSD Security Team is that local denial of service
>> bugs not be treated as security issues; it is possible that this problem
>> will be corrected in a future Erratum."
>
> If there was any potential for
> (a) privilege escalation,
> (b) disclosure of potentially sensitive information, or
> (c) denial of service by a non-authenticated attacker,
> we would have issued a security advisory.

I am missing this information on . The site does not say which bugs
are treated as security issues and which are not. Perhaps these three
points above can be added to the website.